Title: How to Secure Client-Side Widget/SDK Authentication and Authorization for Third-Party Applications Using GCP?
Question:
I’m building a client-side widget/SDK that will be installed on third-party applications. The third-party applications should use a client_id
and client_secret
to secure the authentication and authorization process for the widget. I want to avoid implementing the entire OAuth/OIDC flow from scratch.
I’ve explored Firebase Auth’s OIDC provider, but it seems to be more focused on user authentication rather than securing client-to-server communication from a third-party app using client_id
and client_secret
.
Are there any tools or services available in Google Cloud (GCP) that can help manage this authentication and authorization process for my use case? Specifically, I’m looking for a solution that allows third-party applications to securely authenticate and authorize API requests from the widget using the client_id
and client_secret
.
Tech Stack:
- Firebase Auth
- Google Cloud (GCP)
Any guidance or recommendations would be greatly appreciated!